By Dancho Danchev
In order for cybercriminals to launch, spam, phishing and targeted attacks, they would first have to obtain access to a “touch point”, in this case, your valid email address, IM screen name, or social networking account.
Throughout the years, they’ve been experimenting with multiple techniques to obtain usernames (YouTube user names, IM screen names, Hotmail email addresses) and valid email addresses from unsuspecting end and corporate users.
In this post we’ll profile a recently released Russian DIY email harvester, and emphasize on the difference between notice and experienced cybercriminals in the context of the tactics and techniques they use to obtain a potential victim’s email address.
Screenshots of the Email harvester in action:
As you can see in the attached screeenshots, the program works by parsing email addresses available on a particular web site. It doesn’t automatically crawl other pages parked on the same domain. Instead, the page to be parses has to be a static one. The program, currently advertised as cybercrime-friendly web forums, doesn’t necessarily represent an immediate threat to Internet users, thanks to its simplistic nature.
Last month, Webroot profiled an underground web service that continue selling millions of already harvested email addresses, next to another service, selling exclusive access to U.S Government and U.S Military email addresses, for potential use in targeted, segmented attacks, also known as advanced persistent threats.
The primitive web page parsing technique used in this email harvester, cannot be compared to the data mining of malware-infected hosts for valid emails, next to actually harvesting them in real-time by using Twitter. These increasingly popular email harvesting techniques continue being used by cybercriminals across the globe in order to ensure that they can successfully reach their prospective victims at any time.
Webroot advises users to be extra cautions when sharing their email on a publicly accessible Web server, as spammers are constantly crawling these in order to obtain fresh and valid email addresses.